Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×

Comment Victims stored their seed phrase in LastPass (Score 4, Insightful) 74

by doug141 (#63827686) Attached to: Experts Fear Crooks Are Cracking Keys Stolen In LastPass Breach

"Then on Aug. 28, Monahan said she’d concluded that the common thread among nearly every victim was that they’d previously used LastPass to store their “seed phrase,” the private key needed to unlock access to their cryptocurrency investments."
“The seed phrase is literally the money,” said Nick Bax, director of analytics at Unciphered, a cryptocurrency wallet recovery company. “If you have my seed phrase, you can copy and paste that into your wallet, and then you can see all my accounts. And you can transfer my funds.”

Comment The argument before the court (Score 3, Informative) 228

by doug141 (#63752126) Attached to: US Supreme Court Allows Biden To Regulate 3D-Printed Firearms

The US argued that ATF’s rule regulating gun kits and partially assembled frames fits comfortably within Congress’s definition of a firearm as “any weapon which will or is designed to or may readily be converted to expel a projectile by the action of an explosive.” The fact that the parts require assembly or conversion to become a working weapon is accounted for in that language, The US argued.

“If a state placed a tax on the sale of tables, chairs, couches, and bookshelves, IKEA surely could not avoid that tax by claiming that it does not sell any of those items and instead sells ‘furniture parts kits’ that must be assembled by the purchasers. So too with guns: An ordinary speaker of English would recognize that a company in the business of selling kits that can be assembled into firearms in minutes — and that are designed, marketed, and used for that express purpose — is in the business of selling firearms. A contrary conclusion blinks reality.”

Submission + - Hack a Tesla, unlock hidden options (tomshardware.com)

Submitted by quonset
quonset writes: Researchers have discovered a way to hack into Tesla vehicles and unlock options which the owner would otherwise have to pay for. This ability to unlock is due to an upatchable flaw in the AMD MCU (media control unit) specific to the MCU-Z chip which is a customized AMD Ryzen SoC.

According to the researchers, they used a voltage fault injection attack (a certain class of attacks) against the MCU-Z. This class of attacks is also known as 'voltage glitching,' and is a known attack vector for Zen 2- and Zen 3-based processors; it also affects the Ryzen SoC used in Tesla's MCU-Z. Utilizing multiple connections to the power supply, BIOS SPI chip, and SVI2 bus, the researchers performed a voltage fault injection attack on the MCU-Z's Platform Security Processor. With a successful attack, objects stored in the Trusted Platform Module (TPM) can be decrypted.

"Our gained root permissions enable arbitrary changes to Linux that survive reboots and update," the researchers explain. "They allow an attacker to decrypt the encrypted NVMe storage and access private user data such as the phonebook, calendar entries, etc."

"Hacking the embedded car computer could allow users to unlock these features without paying," the TU Berlin researchers add. For example, 2021 Model 3 SR+ vehicles can enable the Cold Weather Feature (heated steering wheel, heated rear seats) for an extra $300. This feature unlock is confirmed to work with the exploit.

Tesla Model Y Long Range owners can also pay $2,000 for Acceleration Boost, which decreases the 0-60 times of the vehicle from 4.8 seconds to just 4.2 seconds. Pricier options include Enhanced Autopilot, which costs $6,000, and Full Self-Driving, priced at an eye-searing $15,000. In an email to Tom's Hardware, one of the researchers clarified that not all Tesla software upgrades are accessible, so it remains to be seen if those premium options will also be ripe for picking.

Submission + - Do Developers Tend to Scrap or Ship Their First Drafts?

Submitted by theodp
theodp writes: "Writers rework their ideas, revise, and complete many drafts before publishing a piece," reminds Erika Nichols-Frazer in How to Help with Rough Drafts. "This is important to emphasize to students, that everybody starts somewhere and puts a lot of work into the final product, that it won’t be perfect (or even close!) the first time around, or maybe the second or third."

The necessity of multiple drafts may be an idea that's drilled into children's minds by teachers and parents, but in 2023 there's still a need to remind software engineers to Throw Away Your First Draft of Your Code. "The next time you start on a major project," advises Nicole Tietz-Sokolskaya, "I want you to write code for a couple of days and then delete it all. Just throw it away. I'm serious. And you should probably have some of your best engineers doing this throwaway work. It's going to save you time in the long run."

While Tietz-Sokolskaya's advice echoes that of Ernest Hemingway ("the first draft of anything is shit"), do developers tend to scrap or ship their first drafts in the real world?

Submission + - LNG on Par with Coal in Greenhouse Gas Emissions

Submitted by sonlas
sonlas writes: The prevailing notion that natural gas is a cleaner alternative to coal and oil as a fossil fuel is facing increasing scrutiny. While it is true that natural gas emits less carbon dioxide (CO2) per unit of heat generated when burned, the picture becomes more complex when considering other factors that contribute to its overall environmental impact. One significant concern with natural gas is the release of methane, a powerful greenhouse gas, during its extraction, production, transportation, and processing. Methane is approximately 30 times more effective at trapping heat in the atmosphere than CO2 over a 100-year period. Methane leaks can occur at various stages of the gas supply chain, from wellhead emissions during drilling and extraction to leakage during transportation and distribution. Additionally, intentional venting or flaring of methane also contributes to the problem.

Recent research, highlighted in an article published in Environmental Research Letters, challenges the assumption that natural gas is a cleaner energy source compared to coal or oil. The study takes into account the full lifecycle emissions of natural gas, including methane leakage rates, and arrives at a different conclusion. With a methane leakage rate of 7.5% and other relevant factors considered, the greenhouse gas emissions from natural gas can be on par with or even exceed those of coal. Even a lower methane leakage rate of 2% can diminish the environmental advantage of natural gas significantly.

A key aspect of the study is its focus on real-world methane leakage rates. Aerial measurements conducted in various oil and gas production regions in the United States revealed substantial methane leak rates ranging from 0.65% to a staggering 66.2%. Similar leak rates have been identified in other parts of the world. These findings raise serious concerns about the climate impact of natural gas and cast doubt on its role as a so-called "transition energy" in the quest for cleaner and more sustainable energy sources.

This challenges the idea of natural gas, especially liquefied natural gas (LNG), as a suitable transition energy source and raises doubts about its environmental benefits. This complexity complicates the search for sustainable energy solutions, especially in Europe where gas was included in the green taxonomy following push from Germany.

Submission + - New algorithm spots its "potentially hazardous" near-Earth asteroid - 600' long (washington.edu)

Submitted by schwit1
schwit1 writes: An algorithm designed to discover near-Earth asteroids has identified its first "potentially hazardous asteroid," researchers from the University of Washington said in a statement.

The algorithm, known as HelioLinc3D and developed in part by researchers from the University of Washington, is still in its testing phase. The "potentially hazardous" asteroid, named 2022 SF289, was 600 feet long and was discovered during a test of the algorithm in Hawaii. Scientists were able to confirm that the asteroid "poses no risk to Earth for the foreseeable future."

The algorithm will eventually be used at the Vera C. Rubin Observatory, a survey telescope being built in Chile. The observatory will have multiple goals , including probing dark energy and dark matter and mapping the Milky Way, and is expected to begin operating in early 2025, according to the university's release. It's expected that the observatory will "dramatically increase the discovery rate" of items like asteroids. The observatory will only need to look at spots in the night sky twice per night, instead of the four times needed for telescopes, an advancement that means it can "scan the sky unprecedentedly quickly."

However, this new speed meant researchers needed to create a new type of discovery algorithm. That's where HelioLinc3D comes in. The algorithm can find asteroids in Rubin's dataset, and developers of the algorithm have had it study existing data with too few observations to be usable by conventional algorithms. It was in one of those data sets that the algorithm discovered the "potentially hazardous" asteroid 2022 SF289. The asteroid had been observed multiple times on different nights by older technology, but because it had never been seen four times in one night, it could not be properly identified. By combining the multiple observations, the algorithm made the discovery.

Submission + - the Oligarch Act, the Democrats' latest wealth-tax bill (marketwatch.com)

Submitted by ZipNada
ZipNada writes: The Patriotic Millionaires — a group that has been pushing for higher taxes on the rich for more than a decade — say that as of 2018, the richest 0.1% of U.S. households held one-fifth of the nation’s wealth. In addition, the group says that the more than 700 billionaires in the U.S. got even richer over the past few years because of the coronavirus pandemic, adding more than $1 trillion to their collective wealth.

The legislation would establish four brackets for the new tax:

2% for all wealth between 1,000 and 10,000 times median household wealth
4% for all wealth between 10,000 and 100,000 times median household wealth
6% for all wealth between 100,000 and 1,000,000 times median household wealth
8% for all wealth over 1,000,000 times median household wealth

Submission + - Internet Providers That Won FCC Grants Try To Escape Broadband Commitments (arstechnica.com)

Submitted by Anonymous Coward
An anonymous reader writes: A group of Internet service providers that won government grants are asking the Federal Communication Commission for more money or an "amnesty window" in which they could give up grants without penalty. The ISPs were awarded grants to build broadband networks from the FCC's Rural Digital Opportunity Fund (RDOF), which selected funding recipients in December 2020. A group calling itself the "Coalition of RDOF Winners" has been meeting with FCC officials about their requests for more money or an amnesty window, according to several filings submitted to the commission.

The group says broadband construction costs have soared since the grants were announced. They asked for extra money, quicker payments, relief from letter of credit requirements, or an amnesty window "that allows RDOF winners to relinquish all or part of their RDOF winning areas without forfeitures or other penalties if the Commission chooses not to make supplemental funds available or if the amount of supplemental funds the Commission does make available does not cover an RDOF Winner's costs that exceed reasonable inflation," a July 31 filing said.

A different group of ISPs urged the FCC to reject the request, saying that telcos that win grants by pledging to build networks at a low cost are "gaming" the system by seeking more money afterward. So far, the FCC leadership seems reluctant to provide extra funding. The commission could issue fines to ISPs that default on grants—the FCC recently proposed $8.8 million in fines against 22 RDOF applicants for defaults. The Coalition of RDOF Winners doesn't include every ISP that was granted money from the program. But exactly which and how many ISPs are in the coalition is a mystery.

Submission + - IRS Vows To Digitize All Taxpayer Documents By 2025 (arstechnica.com)

Submitted by Anonymous Coward
An anonymous reader writes: Today, the US Treasury Department announced that taxpayers will have the choice to go paperless for all Internal Revenue Service (IRS) correspondence in the upcoming 2024 filing season. By 2025, the IRS plans to achieve paperless processing for all tax returns, still accepting paper documents but immediately digitizing them, to "cut processing times in half" and "expedite refunds by several weeks," the Treasury Department said. "The IRS receives about 76 million paper tax returns and forms and 125 million pieces of correspondence, notice responses, and non-tax forms each year, and its limited capability to accept these forms digitally or digitize paper it receives has prevented the IRS from delivering the world-class service taxpayers deserve," the Treasury Department said.

By accelerating paperless processing, the IRS expects to simplify how Americans access their taxpayer data and save millions historically spent on storing more than a billion documents. Digitization can also help eliminate errors, the Treasury Department said, which can "result from manually inputting data from paper returns." And it will help taxpayers more quickly get answers to questions, as IRS customer service employees "do not currently have easy access to the information from paper returns." Starting in 2024, they will. Next filing season, taxpayers will have the option to e-file 20 additional tax forms among the most commonly submitted when amending returns, including forms used to submit information on things like identity theft or proof of eligibility for "key credits and deductions that help low-income households."

"Taxpayers who want to submit paper returns and correspondence can continue to do so," the Treasury Department said, but "all paper will be converted into digital form as soon as it arrives at the IRS." In 2024, the IRS estimates that "more than 94 percent of individual taxpayers will no longer ever need to send mail to the IRS." Once taxpayers arrive at the 2025 filing season, they'll have the option to e-file "an additional 150 of the most used non-tax forms," the Treasury Department said, which "will be available in digital, mobile-friendly formats that make them easy for taxpayers to complete and submit." The IRS prioritized mobile-friendly formats because the agency estimates that "15 percent of Americans rely solely on mobile phones for their Internet access."

Submission + - SpaceX studies use of Starship as space station (arstechnica.com)

Submitted by Amiga Trombone
Amiga Trombone writes: You've probably heard about SpaceX's plans to use its giant new Starship vehicle to land people on the Moon and Mars, send numerous Starlink satellites or large telescopes into space, or perhaps even serve as a high-speed point-to-point terrestrial transport for equipment or people.

There's another application for SpaceX's Starship architecture that the company is studying, and NASA is on board to lend expertise. Though still in a nascent phase of tech development, the effort could result in repurposing Starship into a commercial space station, something NASA has a keen interest in because there are no plans for a government-owned research lab in low-Earth orbit after the International Space Station is decommissioned after 2030.

Submission + - New name for Azure Active Directory (microsoft.com)

Submitted by Joe_Dragon
Joe_Dragon writes: To unify the Microsoft Entra product family, reflect the progression to modern multicloud identity security, and simplify secure access experiences for all, we're renaming Azure Active Directory (Azure AD) to Microsoft Entra ID.

Slashdot Top Deals

A morsel of genuine history is a thing so rare as to be always valuable. -- Thomas Jefferson

Close